HTTPS on WordPress

Step-by-Step Guide for Securing Your WP/ WordPress Site with HTTPS

What is HTTPS

Hypertext Transport Protocol Secure (HTTPS)- HTTPS is a Security Protocol and The protocol is enabled by installing an SSL Certificate on the website’s server. HTTPS signals the browser to use an added encryption layer of SSL to protect the traffic. SSL, Secure Sockets Layer, is the standard security technology for establishing an encrypted link between a web server and a browser.

The WordPress website open with protocol HTTPS is to ensure the integrity, protection, and secure the data that exchange between a server and a client. It also authenticates websites and confirms the website is the trustworthiness.

What is the difference between HTTP and HTTPS?

HTTPS: By default, HTTPS uses 443 port, whereas HTTP use port of 80. The connection between client and browser is encrypted using SSL indicates that the website is secured and the WordPress Website URL’s beginning with HTTPS.

HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer or HTTP over SSL. You can Secure your WordPress Website using HTTPS.

What is a URL example of HTTPS Protocol?

For the URL https://example.com, the protocol identifier is HTTPS. and for the URL http://example.com, the protocol identifier is HTTP. and HTTPS was 70% faster than HTTP.

How SSL Works

The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.

The web server sends back a digitally signed acknowledgment to start an SSL encrypted session.

Encrypted data is shared between the browser/server and the web server.

The web server sends the browser/server a copy of its SSL certificate.

A browser or server attempts to connect to a website (i.e. a web server) secured with SSL. The browser/server requests that the web server identify itself.

Is SSL necessary for WordPress SEO?

The WordPress websites which enable SSL, Google will provide minor SEO ranking benefits to the website, You can still get SEO ranking by installing an SSL certificate on your WordPress website.

Now, if in your WordPress Website you have enabled the HTTPS, this means the connection is being encrypted and secured in a way that is decodable only by the computer that is sending the request and the server that’s receiving it. Anyone else would only get an unintelligible code that they can’t put to any use.

Move a WordPress Website from HTTP to HTTPS

WordPress Website that Enabled with HTTPS, Google has started using HTTPS as a ranking signal for the WordPress website. And that has implications for your WordPress site and whether it uses an HTTP or HTTPS protocol.

For now, It will online affect fewer than 2 percent of global search queries and load faster than other HTTP.

In this article, we have already go through the difference between SSL and HTTPS, How HTTPS helps in WordPress SEO?, What is HTTPS?, URL example of HTTPS Protocol? and now we will learn how to Getting an SSL Certificate?, how to install and activate an SSL certificate and how to move insecure WordPress from HTTP to HTTPS on cpanel.

Step-by-Step Guide for Securing Your WP/ WordPress Site with HTTPS

Install WordPress on your website or Back Up Your Website.

Get an SSL certificate for the domain.

Activate an SSL Certificate.

Install SSL on the server.

Add HTTPS to the WordPress Admin Area.

Update the Site Address, Change the website permalinks from HTTP to https.

Change Links in Your Content and Templates.

Implement 301 Redirects in .htaccess.

Test and Go Live.

Update Your Site Environment.

So, first of all, you need to install the WordPress on your domain and get an SSL certificate for the domain to enable HTTPS on your WordPress website, Install SSL on the server and change the website URL from HTTP to https.

If your website is hosted on a dedicated server, VPS or shared-hosting servers with cPanel, this tutorial is applicable but the process on getting it done varies with servers. To follow along with this tutorial, ensure your shared-hosting has SSL/TLS activated. If absent, contact your host and request it. They might charge to activate it.

After it is activated, login to cPanel and under the Security widget, you should see an SSL/TLS manager.

Getting an SSL Certificate

They are basically categorized into three types: Domain Validation, Organization Validation, and Extended Validation.

Extended validation is top of the line. This type of SSL provides the highest degree of security and user trust.

Organization-validated SSL certificates provide a higher level of security and let customers know they can trust your server with their personal information.

Domain-level validation is the most basic type of SSL, The certificate provides basic encryption, are issued very quickly and involve a simple check to verify domain ownership.

Activate an SSL Certificate on WordPress Website

Obtaining CSR code from your hosting company. To obtain the CSR code from an SSL activated a shared-hosting account, follow the steps below:

Login to your cPanel account and navigate to the SSL/TLS Manager.

Click on the link below Certificate Signing Requests (CSR)

Enter the domain that you wish to create the SSL on and click the Generate button.

Your domain Encoded CSR should be shown to you.

Head over to your SSL provider to get started with SSL activation. Enter the CSR code generated above in the provided CSR text area field, select the web-server your host is running on and click the Next button.

Enter your CSR information and approval email.

Submit the order with your contact details. your SSL would be issued and sent to your email after completion of the validation email, A dedicated IP address is required to be assigned to your cPanel account. Most cPanel hosting support Server Name Indication (SNI) – an extension that allows a server to present multiple certificates on the same IP address without using a Dedicated IP.

Upload the certificate (with .crt file extension) or past the certificate in the text area provided.

By Clicking on the link under Install and Manage SSL for your site (HTTPS) you can Activate the SSL on your WordPress website.

Select the domain from the drop-down list, click the Autofill by domain and finally click the Install Certificate button.

Setting-up WordPress for SSL/HTTPS

You must change the URL from saying http://yourdomain.com to https://designmodo.com in Settings > General.

the constant FORCE_SSL_ADMIN should be set to true in your site’s wp-config.php, add the following line into your wp-config.php define('FORCE_SSL_ADMIN', true);

set up a 301 permanent redirect and inform Google of the URL change.To setup, a 301 permanent redirect, add the code below at the top of WordPress’ .htaccess file.

1

2

3

4

RewriteEngine on

RewriteCond %{HTTP_HOST} ^yoursite.com [NC,OR]

RewriteCond %{HTTP_HOST} ^www.yoursite.com [NC]

RewriteRule ^(.*)$ https://www.yoursite.com/$1 [L,R=301,NC]

Change every instance of yoursite.com to your WordPress URL.

Test and Go Live- it’s time to test if everything works correctly. Check your website on https://www.ssllabs.com/ssltest/

Update Your Site Environment- If that worked fine, now time to do the last few steps to complete transfer of your WordPress website

Preserve social share counts — You might have to make some changes in order to keep social share counters up to date. Don’t forget to update the links to your site in your social profiles! And your email templates.

Make the switch in your analytics — For Google Analytics, you find the option under Admin > Property Settings > Default URL. Also, note down when you made the switch to HTTPS to understand traffic changes.

Update your CDN — your CDN should have documentation on this.

Add site to your webmaster tools — Go to every webmaster tool you are using and add the HTTPS version of your site as a new property.

Update your sitemap — With Yoast SEO you might have to switch off the plugin once for it to update the sitemap. Don’t forget to include it in your robots.txt file and update all other hardcoded links you might have there.

Click here to HIRE A WORDPRESS DEVELOPER or contact us if you found any trouble

What SSL will improve in your WordPress website

If someone is going to come to my website, I don’t want a hotel Wi-Fi system or some toolbar defining their experience.

The powers that be of the Internet have made HTTPS standard. If you are not HTTPS, then you get a nasty red warning from most major browsers.

The Internet is littered with the websites of spam-hustlers. An SSL is a good way to signal to readers that “yes, this is an established, legitimate, ongoing business.” The green lock is recognized & fairly powerful.

I don’t think this ranking factor has as much weight as promised, but it is a best practice. Google has said that they see HTTPS as a quality signal in their algorithm.

Going SSL is still daunting enough that doing it yourself warrants a small Nerd Gold Star.

If I ever wanted to accept payments or encrypted information, those pages would need to be SSL. Going sitewide SSL will make future expansion easier. Building a new site architecture & going SSL would be a lot of balls in the air.